Exemplo n.º 1
 /**
  * Handle the member login action: render the login form or authenticate a submitted one.
  *
  * A visitor who already has a uid gets the success message immediately. Otherwise the
  * logincheck() result gates the request, and a submitted form is authenticated with
  * userlogin() using $_G['gp_username'] / $_G['gp_password']. Nothing is returned;
  * all output goes through showmessage() or the included template.
  */
 function on_login()
 {
     global $_G;
     // $mrefreshtime is not read again in this function; presumably it is consumed by the
     // template included below, which runs in this function's variable scope - TODO confirm.
     empty($mrefreshtime) && ($mrefreshtime = 2000);
     // Already signed in: run the UCenter sync-login call and report success.
     if ($_G['uid']) {
         $ucsynlogin = uc_user_synlogin($_G['uid']);
         $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['member']['uid']);
         // NOTE(review): the redirect target comes from dreferer(); whether it is limited to
         // same-site URLs depends on that helper - confirm.
         showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
     }
     // logincheck() is called without a username here; a falsy result blocks the attempt.
     // Presumably this is the failed-attempt throttle - verify against logincheck().
     if (!($_G['member_loginperm'] = logincheck())) {
         showmessage('login_strike');
     }
     if (!submitcheck('loginsubmit', 1)) {
         // No valid submission: render the form. The locals set here are visible to the
         // template because include executes in the including function's scope.
         $_G['referer'] = dreferer();
         $cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '';
         // The remembered login name comes from a cookie, so it is HTML-escaped before use.
         $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
         include template('member/login');
     } else {
         // Clear any identity held in $_G before authenticating the submitted credentials.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         // Question id and answer are passed as null on this path.
         $result = userlogin($_G['gp_username'], $_G['gp_password'], null, null, 'auto');
         if ($result['status'] > 0) {
             // "Remember me" selects a 2592000-second (30-day) lifetime, otherwise 0.
             setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
             $ucsynlogin = uc_user_synlogin($_G['uid']);
             // $message is not read again in this function.
             $message = 1;
             $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['uid']);
             showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
         } else {
             // Mask the middle of the submitted password: the first round(len/4) and the last
             // round(len/6) characters are kept and everything between becomes "***".
             // NOTE(review): fragments of the submitted password are therefore written to the
             // log below. A failed attempt is often a near-miss of the real password, so
             // consider logging no password material at all.
             $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
             // Tab-separated record: time, username, masked password, question id, client IP.
             // The whole line is HTML-escaped before it is written.
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             // Record the failure against the value logincheck() returned above.
             loginfailed($_G['member_loginperm']);
             // NOTE(review): nothing in this function assigns $answer, so $answer == '' always
             // holds and 'login_question_invalid' can never be selected.
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
         }
     }
 }
Exemplo n.º 2
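 /**
  * Authenticate a submitted admin-panel login and open an admin session on success.
  *
  * Reads admin_username, admin_password, admin_questionid and admin_answer from $_POST.
  * Does nothing when no username was posted. On success a row is written to
  * common_admincp_session, the login cookie is set and the browser is redirected.
  * On refusal $this->cpaccess is set to -2 (valid credentials but no admin-panel
  * membership and not a founder) or -4 (logincheck() rejected the attempt).
  */
 function check_user_login()
 {
     global $_G;
     $admin_username = isset($_POST['admin_username']) ? trim($_POST['admin_username']) : '';
     if ($admin_username != '') {
         require_once libfile('function/member');
         // NOTE(review): the trimmed copy is used only for the emptiness test; the raw POST
         // value is what logincheck(), userlogin() and loginfailed() receive. Confirm those
         // helpers normalise the name consistently so the failure counter and the
         // authentication step agree on the account key.
         if (logincheck($_POST['admin_username'])) {
             // With forcesecques enabled a security question and answer are mandatory.
             // Presumably do_user_login() re-renders the form and ends the request - confirm,
             // because otherwise execution continues into userlogin() below.
             if ((empty($_POST['admin_questionid']) || empty($_POST['admin_answer'])) && $_G['config']['admincp']['forcesecques']) {
                 $this->do_user_login();
             }
             $result = userlogin($_POST['admin_username'], $_POST['admin_password'], $_POST['admin_questionid'], $_POST['admin_answer']);
             if ($result['status'] == 1) {
                 // The uid is cast to an integer before it is concatenated into the SQL text,
                 // so the query cannot be altered even if the member record ever carries a
                 // non-numeric uid.
                 $cpgroupid = DB::result_first("SELECT uid FROM " . DB::table('common_admincp_member') . " WHERE uid='" . intval($result['member']['uid']) . "'");
                 // Valid credentials alone are not enough: the account must be listed as an
                 // admin-panel member or be accepted by checkfounder().
                 if ($cpgroupid || $this->checkfounder($result['member'])) {
                     DB::insert('common_admincp_session', array('uid' => $result['member']['uid'], 'adminid' => $result['member']['adminid'], 'panel' => $this->panel, 'dateline' => TIMESTAMP, 'ip' => $this->core->var['clientip'], 'errorcount' => -1), false, true);
                     setloginstatus($result['member'], 0);
                     dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
                 } else {
                     $this->cpaccess = -2;
                 }
             } else {
                 // Count the failed attempt against the submitted username.
                 loginfailed($_POST['admin_username']);
             }
         } else {
             $this->cpaccess = -4;
         }
     }
 }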
Exemplo n.º 3
                        showmessage('login_succeed_inactive_member', 'api/relateshopex.php?action=login&forward=memcp.php&verify=' . $verify);
                    } else {
                        $dreferer = dreferer();
                        $verify = md5('login' . $dreferer . $passport_key);
                        showmessage('login_succeed', 'api/relateshopex.php?action=login&forward=' . rawurlencode($dreferer) . '&verify=' . $verify);
                    }
                } else {
                    if ($groupid == 8) {
                        showmessage('login_succeed_inactive_member', 'memcp.php');
                    } else {
                        showmessage('login_succeed', dreferer());
                    }
                }
            } elseif (empty($secques) || $seccodemiss) {
                $username = dhtmlspecialchars($member['discuz_user']);
                $loginmode = dhtmlspecialchars($loginmode);
                $styleid = intval($styleid);
                $cookietime = intval($cookietime);
                $loginauth = authcode($member['discuz_user'] . "\t" . $member['discuz_pw'], 'ENCODE');
                include template('login_secques');
                dexit();
            }
        }
        $errorlog = dhtmlspecialchars($timestamp . "\t" . ($member['discuz_user'] ? $member['discuz_user'] : stripslashes($username)) . "\t" . $password . "\t" . ($secques ? "Ques #" . intval($questionid) : '') . "\t" . $onlineip);
        writelog('illegallog', $errorlog);
        loginfailed($loginperm);
        showmessage('login_invalid', 'logging.php?action=login', 'HALTED');
    }
} else {
    showmessage('undefined_action');
}
Exemplo n.º 4
                dheader('location: ' . $_G['siteurl']);
            }
        }
    } else {
        dheader('location: ' . $_G['siteurl'] . 'member.php?mod=logging&action=login&referer=' . dreferer());
    }
} elseif ($ac == 'login' && submitcheck('submit')) {
    if (!($loginperm = logincheck($_GET['username']))) {
        showmessage('login_strike');
    }
    if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
        showmessage('profile_passwd_illegal');
    }
    $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $_G['setting']['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
    if ($result['status'] <= 0) {
        loginfailed($_GET['username']);
        failedip();
        showmessage('login_invalid', '', array('loginperm' => $loginperm - 1));
    }
    if (!$_G['wechat']['setting']['wechat_qrtype']) {
        if ($wechatuser) {
            if ($result['member']['uid'] != $wechatuser['uid']) {
                showmessage('wechat:wechat_openid_exists');
            }
            wechat_setloginstatus($result['member']['uid'], true);
        } else {
            WeChatHook::bindOpenId($result['member']['uid'], $openid);
            wsq::report('bind');
        }
        setloginstatus($result['member'], 1296000);
        showmessage('wechat:wechat_member_bind_succeed', $selfurl . 'bind');
 /**
  * Handle the member login action: render the login form or authenticate a submission.
  *
  * Credentials are read from $_GET (username, password, questionid, answer, loginfield)
  * or from an authcode()-encoded "auth" parameter, checked with userlogin(), and on
  * success the login cookie is set and invite bookkeeping is done. Nothing is returned;
  * all output goes through showmessage() or the included template.
  */
 function on_login()
 {
     global $_G;
     // Already signed in: report success and send the visitor to the referer (or ./).
     if ($_G['uid']) {
         $referer = dreferer();
         $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
         $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
         showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
     }
     // Requests flagged with from= while the connect feature is enabled get no seccode
     // check, and lssubmit submissions pass false to submitcheck() as well.
     // NOTE(review): both switches are driven by request parameters - confirm that the
     // code paths they lead to enforce the check themselves.
     $from_connect = $this->setting['connect']['allow'] && !empty($_GET['from']) ? 1 : 0;
     $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
     $seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
     $invite = getinvite();
     if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
         // No valid submission: prepare the variables the template reads and render the form.
         $auth = '';
         $username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';
         if (!empty($_GET['auth'])) {
             // The auth parameter decodes to "username\tpassword\tquestionexist".
             // NOTE(review): this carries credential material in a URL parameter, where it can
             // surface in access logs, browser history and Referer headers; its secrecy rests
             // entirely on authcode() and its key.
             list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE'));
             $username = dhtmlspecialchars($username);
             $auth = dhtmlspecialchars($_GET['auth']);
         }
         $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';
         if ($seccodecheck) {
             // NOTE(review): $seccode[0] is read before anything in this function assigns $seccode.
             $seccode = random(6, 1) + $seccode[0] * 1000000;
         }
         // Optional extension file; it is loaded into this function's variable scope.
         if ($this->extrafile && file_exists($this->extrafile)) {
             require_once $this->extrafile;
         }
         $navtitle = lang('core', 'title_login');
         include template($this->template);
     } else {
         // A decoded auth token, when present, replaces the submitted username and password.
         if (!empty($_GET['auth'])) {
             list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE')));
         }
         // A falsy logincheck() result blocks the attempt for this username.
         if (!($_G['member_loginperm'] = logincheck($_GET['username']))) {
             showmessage('login_strike');
         }
         if ($_GET['fastloginfield']) {
             $_GET['loginfield'] = $_GET['fastloginfield'];
         }
         // Clear any identity held in $_G before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         // Refuse an empty password and any password addslashes() would alter
         // (quotes, backslashes, NUL bytes).
         if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
             showmessage('profile_passwd_illegal');
         }
         $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
         $uid = $result['ucresult']['uid'];
         // Quick-login submissions that hit uid -3 or need a seccode are handed to logging_more().
         if (!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
             $_GET['username'] = $result['ucresult']['username'];
             $this->logging_more($result['ucresult']['uid'] == -3);
         }
         // Status -1: either redirect to the activation page or, with fastactivation on,
         // create the local member row here and continue as a successful login.
         if ($result['status'] == -1) {
             if (!$this->setting['fastactivation']) {
                 $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                 showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
             } else {
                 $init_arr = explode(',', $this->setting['initcredits']);
                 $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
                 // The local password column receives md5(random(10)), a throwaway value.
                 // NOTE(review): presumably it is never used for verification because
                 // userlogin() authenticates elsewhere - confirm; an MD5 of a short random
                 // string is not a suitable credential hash if it is.
                 C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                 $result['member'] = getuserbyuid($uid);
                 $result['status'] = 1;
             }
         }
         if ($result['status'] > 0) {
             if ($this->extrafile && file_exists($this->extrafile)) {
                 require_once $this->extrafile;
             }
             // "Remember me" selects a 2592000-second (30-day) lifetime, otherwise 0.
             setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
             checkfollowfeed();
             // Keep the previous IP and visit time in a cookie before they are overwritten below.
             if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                 dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
             }
             C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
             $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
             if ($invite['id']) {
                 // NOTE(review): $result is overwritten with the invite count here, yet
                 // $result['ucresult']['username'] is read again when $param is built below.
                 $result = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
                 if (!$result) {
                     C::t('common_invite')->update($invite['id'], array('fuid' => $uid, 'fusername' => $_G['username']));
                     updatestat('invite');
                 } else {
                     $invite = array();
                 }
             }
             if ($invite['uid']) {
                 require_once libfile('function/friend');
                 friend_make($invite['uid'], $invite['username'], false);
                 dsetcookie('invite_auth', '');
                 if ($invite['appid']) {
                     updatestat('appinvite');
                 }
             }
             $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
             $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
             // Members in group 8 get the "inactive member" message and are sent to their home page.
             $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
             $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
             if (empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
                 if (defined('IN_MOBILE')) {
                     showmessage($loginmessage, $location, $param, array('location' => true));
                 } else {
                     if (!empty($_GET['lssubmit'])) {
                         if (!$ucsynlogin) {
                             $extra['location'] = true;
                         }
                         showmessage($loginmessage, $location, $param, $extra);
                     } else {
                         // Only single quotes are escaped before $location is concatenated into
                         // the inline script, and the message is sent with striptags => false.
                         // NOTE(review): this is safe only if dreferer() already returns a
                         // sanitised URL - confirm, or encode the value for a JavaScript string
                         // context before embedding it.
                         $href = str_replace("'", "\\'", $location);
                         showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false, 'showdialog' => true));
                     }
                 }
             } else {
                 showmessage($loginmessage, $location, $param, $extra);
             }
         } else {
             // Mask the middle of the submitted password: the first round(len/4) and the last
             // round(len/6) characters are kept and everything between becomes "***".
             // NOTE(review): fragments of the submitted password are therefore written to the
             // log below; a failed attempt is often a near-miss of the real password, so
             // consider logging no password material at all.
             $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
             // Tab-separated record: time, username, masked password, question id, client IP.
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             // Count the failed attempt against the submitted username.
             loginfailed($_GET['username']);
             // NOTE(review): nothing in this function assigns $answer, so $answer == '' always
             // holds and 'login_question_invalid' can never be selected.
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_GET['questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             // The message depends on the value logincheck() returned earlier.
             if ($_G['member_loginperm'] > 1) {
                 showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
             } elseif ($_G['member_loginperm'] == -1) {
                 showmessage('login_password_invalid');
             } else {
                 showmessage('login_strike');
             }
         }
     }
 }
Exemplo n.º 6
	/**
	 * Handle the member login action: render the login form or authenticate a submission.
	 *
	 * Credentials are read from $_GET or from an authcode()-encoded "auth" parameter and
	 * checked with userlogin(). On success the method applies the forced-login,
	 * account-guard and second-step seccode rules before reporting success. Nothing is
	 * returned; all output goes through showmessage() or the included template.
	 */
	function on_login() {
		global $_G;
		// Already signed in: report success and send the visitor to the referer (or ./).
		if($_G['uid']) {
			$referer = dreferer();
			$ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
			$param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
			showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
		}

		list($seccodecheck) = seccheck('login');
		// A truthy fourth field in the decoded auth token forces the seccode check on.
		// It is set by the second-step redirect built further down in this method.
		if(!empty($_GET['auth'])) {
			$dauth = authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']);
			list(,,,$secchecklogin2) = explode("\t", $dauth);
			if($secchecklogin2) {
				$seccodecheck = true;
			}
		}
		// lssubmit submissions pass false to submitcheck() instead of the seccode flag.
		$seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
		$invite = getinvite();

		if(!submitcheck('loginsubmit', 1, $seccodestatus)) {

			// No valid submission: prepare the variables the template reads and render the form.
			$auth = '';
			$username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';

			if(!empty($_GET['auth'])) {
				// NOTE(review): the auth parameter carries "username\tpassword\t..." in the URL;
				// its secrecy rests entirely on authcode() and the configured authkey, and URL
				// parameters can surface in access logs, browser history and Referer headers.
				list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']));
				$username = dhtmlspecialchars($username);
				$auth = dhtmlspecialchars($_GET['auth']);
			}

			$cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';

			if($seccodecheck) {
				// NOTE(review): $seccode is read before anything in this function assigns it, and
				// the curly-brace offset syntax is deprecated since PHP 7.4 and removed in PHP 8.0.
				$seccode = random(6, 1) + $seccode{0} * 1000000;
			}

			// Optional extension file; it is loaded into this function's variable scope.
			if($this->extrafile && file_exists($this->extrafile)) {
				require_once $this->extrafile;
			}

			$navtitle = lang('core', 'title_login');
			include template($this->template);

		} else {

			// A decoded auth token, when present, replaces the submitted username and password.
			if(!empty($_GET['auth'])) {
				list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey'])));
			}

			// Accepted only when it consists of word characters. It is not read again in this
			// method; presumably the extension file loaded below uses it - TODO confirm.
			$loginhash = !empty($_GET['loginhash']) && preg_match('/^\w+$/', $_GET['loginhash']) ? $_GET['loginhash'] : '';

			// A falsy logincheck() result blocks the attempt and reports the client IP.
			if(!($_G['member_loginperm'] = logincheck($_GET['username']))) {
				captcha::report($_G['clientip']);
				showmessage('login_strike');
			}
			if($_GET['fastloginfield']) {
				$_GET['loginfield'] = $_GET['fastloginfield'];
			}
			// Clear any identity held in $_G before authenticating.
			$_G['uid'] = $_G['member']['uid'] = 0;
			$_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
			// Refuse an empty password and any password addslashes() would alter
			// (quotes, backslashes, NUL bytes).
			if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
				showmessage('profile_passwd_illegal');
			}
			$result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
			$uid = $result['ucresult']['uid'];

			// Quick-login submissions that hit uid -3 or need a seccode are handed to logging_more().
			if(!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
				$_GET['username'] = $result['ucresult']['username'];
				$this->logging_more($result['ucresult']['uid'] == -3);
			}

			// Status -1: either redirect to the activation page or, with fastactivation on,
			// create the local member row here and continue as a successful login.
			if($result['status'] == -1) {
				if(!$this->setting['fastactivation']) {
					$auth = authcode($result['ucresult']['username']."\t".FORMHASH, 'ENCODE');
					showmessage('location_activation', 'member.php?mod='.$this->setting['regname'].'&action=activation&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()), array(), array('location' => true));
				} else {
					$init_arr = explode(',', $this->setting['initcredits']);
					$groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];

					// The local password column receives md5(random(10)), a throwaway value.
					// NOTE(review): presumably never used for verification because userlogin()
					// authenticates elsewhere - confirm.
					C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
					$result['member'] = getuserbyuid($uid);
					$result['status'] = 1;
				}
			}

			if($result['status'] > 0) {

				if($this->extrafile && file_exists($this->extrafile)) {
					require_once $this->extrafile;
				}

				// "Remember me" selects a 2592000-second (30-day) lifetime, otherwise 0.
				setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
				checkfollowfeed();
				// Group policy can demand a specific login method. The cookies just set are
				// cleared again when the policy is not met.
				if($_G['group']['forcelogin']) {
					if($_G['group']['forcelogin'] == 1) {
						clearcookies();
						showmessage('location_login_force_qq');
					} elseif($_G['group']['forcelogin'] == 2 && $_GET['loginfield'] != 'email') {
						clearcookies();
						showmessage('location_login_force_mail');
					}
				}

				// Keep the previous IP and visit time in a cookie before they are overwritten below.
				if($_G['member']['lastip'] && $_G['member']['lastvisit']) {
					dsetcookie('lip', $_G['member']['lastip'].','.$_G['member']['lastvisit']);
				}
				C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' =>TIMESTAMP, 'lastactivity' => TIMESTAMP));
				$ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

				// Re-check the password just used against the configured strength rules;
				// $pwold becomes true when any enabled rule is not met.
				$pwold = false;
				if($this->setting['strongpw'] && !$this->setting['pwdsafety']) {
					if(in_array(1, $this->setting['strongpw']) && !preg_match("/\d+/", $_GET['password'])) {
						$pwold = true;
					}
					if(in_array(2, $this->setting['strongpw']) && !preg_match("/[a-z]+/", $_GET['password'])) {
						$pwold = true;
					}
					if(in_array(3, $this->setting['strongpw']) && !preg_match("/[A-Z]+/", $_GET['password'])) {
						$pwold = true;
					}
					// NOTE(review): the range A-z also spans [ \ ] ^ _ and the backtick, so those
					// characters are not counted as symbols by this rule; A-Z was probably intended.
					if(in_array(4, $this->setting['strongpw']) && !preg_match("/[^a-zA-z0-9]+/", $_GET['password'])) {
						$pwold = true;
					}
				}

				// Account guard; accounts with adminid 1 are exempt.
				if($_G['member']['adminid'] != 1) {
					// An account whose last visit is more than 90 days old is frozen (freeze = 2)
					// and a validation record is queued.
					if($this->setting['accountguard']['loginoutofdate'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > 90 * 86400) {
						C::t('common_member')->update($_G['uid'], array('freeze' => 2));
						C::t('common_member_validate')->insert(array(
							'uid' => $_G['uid'],
							'submitdate' => TIMESTAMP,
							'moddate' => 0,
							'admin' => '',
							'submittimes' => 1,
							'status' => 0,
							'message' => '',
							'remark' => '',
						), false, true);
						manage_addnotify('verifyuser');
						showmessage('location_login_outofdate', 'home.php?mod=spacecp&ac=profile&op=password&resend=1', array('type' => 1), array('showdialog' => true, 'striptags' => false, 'locationtime' => true));
					}

					// A password that fails the strength rules marks the login for a forced
					// password change; with loginpwcheck == 2 the account is also frozen (freeze = 1).
					if($this->setting['accountguard']['loginpwcheck'] && $pwold) {
						$freeze = $pwold;
						if($this->setting['accountguard']['loginpwcheck'] == 2 && $freeze) {
							C::t('common_member')->update($_G['uid'], array('freeze' => 1));
						}
					}
				}

				// Second-step seccode: rule value 2 turns the check on when one of the
				// conditions below holds.
				$seccheckrule = & $_G['setting']['seccodedata']['rule']['login'];
				if($seccheckrule['allow'] == 2) {
					if($seccheckrule['nolocal']) {
						require_once libfile('function/misc');
						$lastipConvert = process_ipnotice(convertip($_G['member']['lastip']));
						$nowipConvert = process_ipnotice(convertip($_G['clientip']));
						// NOTE(review): stripos() returns 0 for a match at the start of the string
						// and 0 == false is true, so a prefix match is treated as "not found" here;
						// === false would tell the two cases apart.
						if($lastipConvert != $nowipConvert && stripos($lastipConvert, $nowipConvert) == false && stripos($nowipConvert, $lastipConvert) == false) {
							$seccodecheck = true;
						}
					}
					if(!$seccodecheck && $seccheckrule['pwsimple'] && $pwold) {
						$seccodecheck = true;
					}
					if(!$seccodecheck && $seccheckrule['outofday'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > $seccheckrule['outofday'] * 86400) {
						$seccodecheck = true;
					}
					// Presumably member_loginperm is the number of attempts left - verify against logincheck().
					if(!$seccodecheck && $_G['member_loginperm'] < 4) {
						$seccodecheck = true;
					}
					if(!$seccodecheck && $seccheckrule['numiptry']) {
						$seccodecheck = failedipcheck($seccheckrule['numiptry'], $seccheckrule['timeiptry']);
					}
					// The check is required but this request did not come from the second step:
					// drop the cookies just set and redirect back to the login page with the
					// credentials packed into an authcode()-encoded token (fourth field = 1).
					// NOTE(review): the token holds the plaintext password and travels in a URL;
					// its secrecy rests entirely on authcode() and the configured authkey.
					if($seccodecheck && !$secchecklogin2) {
						clearcookies();
						$auth = authcode($_GET['username']."\t".$_GET['password']."\t".($result['ucresult']['uid'] == -3 ? 1 : 0)."\t1", 'ENCODE', $_G['config']['security']['authkey']);
						$location = 'member.php?mod=logging&action=login&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()).(!empty($_GET['cookietime']) ? '&cookietime=1' : '');
						if(defined('IN_MOBILE')) {
							showmessage('login_seccheck2', $location);
						} else {
							$js = '<script type="text/javascript">location.href=\''.$location.'\'</script>';
							showmessage('login_seccheck2', '', array('type' => 1), array('extrajs' => $js));
						}
					}
				}

				if($invite['id']) {
					// NOTE(review): $result is overwritten with the invite count here, yet
					// $result['ucresult']['username'] is read again when $param is built below.
					$result = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
					if(!$result) {
						C::t('common_invite')->update($invite['id'], array('fuid'=>$uid, 'fusername'=>$_G['username']));
						updatestat('invite');
					} else {
						$invite = array();
					}
				}
				if($invite['uid']) {
					require_once libfile('function/friend');
					friend_make($invite['uid'], $invite['username'], false);
					dsetcookie('invite_auth', '');
					if($invite['appid']) {
						updatestat('appinvite');
					}
				}

				$param = array(
					'username' => $result['ucresult']['username'],
					'usergroup' => $_G['group']['grouptitle'],
					'uid' => $_G['member']['uid'],
					'groupid' => $_G['groupid'],
					'syn' => $ucsynlogin ? 1 : 0
				);

				$extra = array(
					'showdialog' => true,
					'locationtime' => true,
					'extrajs' => $ucsynlogin
				);

				// NOTE(review): $freeze is assigned only inside the account-guard branch above, so
				// it is undefined here whenever that branch did not run.
				if(!$freeze || !$this->setting['accountguard']['loginpwcheck']) {
					$loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
					$location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
				} else {
					// Weak password: send the member to the password-change page instead.
					$loginmessage = 'login_succeed_password_change';
					$location = 'home.php?mod=spacecp&ac=profile&op=password';
					$_GET['lssubmit'] = 0;
				}
				if(empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
					if(defined('IN_MOBILE')) {
						showmessage($loginmessage, $location, $param, array('location' => true));
					} else {
						if(!empty($_GET['lssubmit'])) {
							if(!$ucsynlogin) {
								$extra['location'] = true;
							}
							showmessage($loginmessage, $location, $param, $extra);
						} else {
							// Only single quotes are escaped before $location is concatenated into
							// the inline script, and the message is sent with striptags => false.
							// NOTE(review): this is safe only if dreferer() already returns a
							// sanitised URL - confirm, or encode the value for a JavaScript string
							// context before embedding it.
							$href = str_replace("'", "\'", $location);
							showmessage('location_login_succeed', $location, array(),
								array(
									'showid' => 'succeedmessage',
									'extrajs' => '<script type="text/javascript">'.
										'setTimeout("window.location.href =\''.$href.'\';", 3000);'.
										'$(\'succeedmessage_href\').href = \''.$href.'\';'.
										'$(\'main_message\').style.display = \'none\';'.
										'$(\'main_succeed\').style.display = \'\';'.
										'$(\'succeedlocation\').innerHTML = \''.lang('message', $loginmessage, $param).'\';</script>'.$ucsynlogin,
									'striptags' => false,
									'showdialog' => true
								)
							);
						}
					}
				} else {
					showmessage($loginmessage, $location, $param, $extra);
				}
			} else {
				// Mask the middle of the submitted password: the first round(len/4) and the last
				// round(len/6) characters are kept and everything between becomes "***".
				// NOTE(review): fragments of the submitted password are therefore written to the
				// log below; a failed attempt is often a near-miss of the real password, so
				// consider logging no password material at all.
				$password = preg_replace("/^(.{".round(strlen($_GET['password']) / 4)."})(.+?)(.{".round(strlen($_GET['password']) / 6)."})$/s", "\\1***\\3", $_GET['password']);
				// Tab-separated record: time, username, masked password, question id, client IP.
				$errorlog = dhtmlspecialchars(
					TIMESTAMP."\t".
					($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username'])."\t".
					$password."\t".
					"Ques #".intval($_GET['questionid'])."\t".
					$_G['clientip']);
				writelog('illegallog', $errorlog);
				// Count the failure against both the submitted username and the client IP.
				loginfailed($_GET['username']);
				failedip();
				// NOTE(review): nothing in this function assigns $answer, so $answer == '' always
				// holds and 'login_question_invalid' can never be selected.
				$fmsg = $result['ucresult']['uid'] == '-3' ? (empty($_GET['questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid') : 'login_invalid';
				// The message depends on the value logincheck() returned earlier.
				if($_G['member_loginperm'] > 1) {
					showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
				} elseif($_G['member_loginperm'] == -1) {
					showmessage('login_password_invalid');
				} else {
					showmessage('login_strike');
				}
			}

		}

	}
Exemplo n.º 7
 /**
  * Handle the member login action: render the login form or authenticate a submission.
  *
  * Credentials are read from the $_G['gp_*'] request values or from an
  * authcode()-encoded gp_auth token and checked with userlogin(). On success the
  * login cookie is set, the member status row is updated and invite bookkeeping is
  * done. Nothing is returned; all output goes through showmessage() or the template.
  */
 function on_login()
 {
     global $_G;
     // Already signed in: report success and send the visitor to the referer (or ./).
     if ($_G['uid']) {
         $referer = dreferer();
         $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
         $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
         showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
     }
     // Requests flagged with gp_from while the connect feature is enabled get no seccode
     // check, and gp_lssubmit submissions pass false to submitcheck() as well.
     // NOTE(review): both switches are driven by request parameters - confirm that the
     // code paths they lead to enforce the check themselves.
     $from_connect = $this->setting['connect']['allow'] && !empty($_G['gp_from']) ? 1 : 0;
     $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
     $seccodestatus = !empty($_G['gp_lssubmit']) ? false : $seccodecheck;
     $invite = getinvite();
     if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
         // No valid submission: prepare the variables the template reads and render the form.
         $auth = '';
         $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
         if (!empty($_G['gp_auth'])) {
             // The token decodes to "username\tpassword\tquestionexist"; it is echoed back to
             // the form only when both username and password decoded to non-empty values.
             // NOTE(review): the token carries credential material in a request parameter;
             // its secrecy rests entirely on authcode() and its key.
             list($username, $password, $questionexist) = explode("\t", authcode($_G['gp_auth'], 'DECODE'));
             $username = htmlspecialchars($username);
             if ($username && $password) {
                 $auth = htmlspecialchars($_G['gp_auth']);
             } else {
                 $auth = '';
             }
         }
         $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_G['gp_cookietime']) ? 'checked="checked"' : '';
         if ($seccodecheck) {
             // NOTE(review): $seccode[0] is read before anything in this function assigns $seccode.
             $seccode = random(6, 1) + $seccode[0] * 1000000;
         }
         // Optional extension file, resolved through libfile() and loaded into this scope.
         if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
             require_once libfile('member/' . $this->extrafile, 'module');
         }
         $navtitle = lang('core', 'title_login');
         include template($this->template);
     } else {
         // A decoded auth token, when present, replaces the submitted username and password.
         if (!empty($_G['gp_auth'])) {
             list($_G['gp_username'], $_G['gp_password']) = daddslashes(explode("\t", authcode($_G['gp_auth'], 'DECODE')));
         }
         // A falsy logincheck() result blocks the attempt for this username.
         if (!($_G['member_loginperm'] = logincheck($_G['gp_username']))) {
             showmessage('login_strike');
         }
         if ($_G['gp_fastloginfield']) {
             $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
         }
         // Clear any identity held in $_G before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         // Refuse an empty password and any password addslashes() would alter.
         // NOTE(review): presumably the gp_* values are already slash-escaped by the
         // framework, which would make this reject quotes, backslashes and NUL bytes in the
         // original input - confirm.
         if (!$_G['gp_password'] || $_G['gp_password'] != addslashes($_G['gp_password'])) {
             showmessage('profile_passwd_illegal');
         }
         $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $this->setting['autoidselect'] ? 'auto' : $_G['gp_loginfield']);
         $uid = $result['ucresult']['uid'];
         // && binds tighter than ||: logging_more() runs for uid -3, or when a seccode is
         // required and the credentials were accepted.
         if (!empty($_G['gp_lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck && $result['status'] > 0)) {
             $_G['gp_username'] = $result['ucresult']['username'];
             $_G['gp_password'] = stripslashes($_G['gp_password']);
             $this->logging_more($result['ucresult']['uid'] == -3);
         }
         // Status -1: either redirect to the activation page or, with fastactivation on,
         // create the local member rows here and continue as a successful login.
         if ($result['status'] == -1) {
             if (!$this->setting['fastactivation']) {
                 $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                 showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
             } else {
                 // Presumably escapes the values for the inserts below - verify against DB::insert().
                 $result = daddslashes($result);
                 $init_arr = explode(',', $this->setting['initcredits']);
                 // The local password column receives md5(random(10)), a throwaway value.
                 // NOTE(review): presumably never used for verification because userlogin()
                 // authenticates elsewhere - confirm.
                 DB::insert('common_member', array('uid' => $uid, 'username' => $result['ucresult']['username'], 'password' => md5(random(10)), 'email' => $result['ucresult']['email'], 'adminid' => 0, 'groupid' => $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'], 'regdate' => TIMESTAMP, 'credits' => $init_arr[0], 'timeoffset' => 9999));
                 DB::insert('common_member_status', array('uid' => $uid, 'regip' => $_G['clientip'], 'lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP, 'lastpost' => 0, 'lastsendmail' => 0));
                 DB::insert('common_member_profile', array('uid' => $uid));
                 DB::insert('common_member_field_forum', array('uid' => $uid));
                 DB::insert('common_member_field_home', array('uid' => $uid));
                 DB::insert('common_member_count', array('uid' => $uid, 'extcredits1' => $init_arr[1], 'extcredits2' => $init_arr[2], 'extcredits3' => $init_arr[3], 'extcredits4' => $init_arr[4], 'extcredits5' => $init_arr[5], 'extcredits6' => $init_arr[6], 'extcredits7' => $init_arr[7], 'extcredits8' => $init_arr[8]));
                 manyoulog('user', $uid, 'add');
                 // NOTE(review): $uid is interpolated into the SQL text; it comes from the
                 // userlogin() result, so confirm it is always numeric or cast it here.
                 $result['member'] = DB::fetch_first("SELECT * FROM " . DB::table('common_member') . " WHERE uid='{$uid}'");
                 $result['status'] = 1;
             }
         }
         if ($result['status'] > 0) {
             if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
                 require_once libfile('member/' . $this->extrafile, 'module');
             }
             // "Remember me" selects a 2592000-second (30-day) lifetime, otherwise 0.
             setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
             // String-built UPDATE: $_G['clientip'] and $_G['uid'] are concatenated into the
             // SQL text. NOTE(review): safe only if both are validated upstream - confirm, or
             // cast/escape them here. lastvisit uses time() while lastactivity uses TIMESTAMP.
             DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
             $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
             if ($invite['id']) {
                 // NOTE(review): $invite['uid'] and $uid are interpolated into the SQL text;
                 // confirm getinvite() returns validated values. $result is also overwritten
                 // with the count here, yet $result['ucresult']['username'] is read again below.
                 $result = DB::result_first("SELECT COUNT(*) FROM " . DB::table('common_invite') . " WHERE uid='{$invite['uid']}' AND fuid='{$uid}'");
                 if (!$result) {
                     DB::update("common_invite", array('fuid' => $uid, 'fusername' => $_G['username']), array('id' => $invite['id']));
                     updatestat('invite');
                 } else {
                     $invite = array();
                 }
             }
             if ($invite['uid']) {
                 require_once libfile('function/friend');
                 friend_make($invite['uid'], $invite['username'], false);
                 dsetcookie('invite_auth', '');
                 if ($invite['appid']) {
                     updatestat('appinvite');
                 }
             }
             $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
             $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
             // Members in group 8 get the "inactive member" message and are sent to their home page.
             $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
             $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
             if (empty($_G['gp_handlekey']) || !empty($_G['gp_lssubmit'])) {
                 if (defined('IN_MOBILE')) {
                     showmessage('location_login_succeed_mobile', $location, array('username' => $result['ucresult']['username']), array('location' => true));
                 } else {
                     if (!empty($_G['gp_lssubmit'])) {
                         if (!$ucsynlogin) {
                             $extra['location'] = true;
                         }
                         showmessage($loginmessage, $location, $param, $extra);
                     } else {
                         // Only single quotes are escaped before $location is concatenated into
                         // the inline script, and the message is sent with striptags => false.
                         // NOTE(review): this is safe only if dreferer() already returns a
                         // sanitised URL - confirm, or encode the value for a JavaScript string
                         // context before embedding it.
                         $href = str_replace("'", "\\'", $location);
                         showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false));
                     }
                 }
             } else {
                 showmessage($loginmessage, $location, $param, $extra);
             }
         } else {
             // Mask the middle of the submitted password: the first round(len/4) and the last
             // round(len/6) characters are kept and everything between becomes "***".
             // NOTE(review): fragments of the submitted password are therefore written to the
             // log below; a failed attempt is often a near-miss of the real password, so
             // consider logging no password material at all.
             $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
             // Tab-separated record: time, username, masked password, question id, client IP.
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             // Count the failed attempt against the submitted username.
             loginfailed($_G['gp_username']);
             // NOTE(review): nothing in this function assigns $answer, so $answer == '' always
             // holds and 'login_question_invalid' can never be selected.
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
         }
     }
 }
Exemplo n.º 8
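/**
 * Records a failed "myrepeats" login attempt and reports it to the user.
 *
 * Writes one tab-separated line to the 'illegallog' log (timestamp, account
 * name, password placeholder, security-question id, client IP), counts the
 * failure through loginfailed(), then shows the failure message.
 *
 * @param string $username   Account name as submitted; slashes are stripped before logging.
 * @param string $password   Submitted password. Kept for interface compatibility; never logged.
 * @param mixed  $questionid Security-question id as submitted.
 * @param string $answer     Security-question answer as submitted.
 */
function myrepeats_loginfailure($username, $password, $questionid, $answer)
{
    global $_G;

    // The earlier version logged the first quarter and last sixth of the rejected
    // password. Failed attempts are often near-misses of the real password, so
    // those fragments are credential material at rest in a log file. A fixed
    // placeholder keeps the column layout without storing any of it.
    $maskedPassword = '***';

    $ucName = $_G['myrepeats_ucresult']['username'];
    $loggedName = $ucName ? $ucName : stripslashes($username);
    // Fields are tab-delimited: stop a submitted name from adding columns or lines.
    $loggedName = str_replace(array("\t", "\r", "\n"), ' ', (string) $loggedName);

    $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . $loggedName . "\t" . $maskedPassword . "\t" . "Ques #" . intval($questionid) . "\t" . $_G['clientip']);
    writelog('illegallog', $errorlog);
    loginfailed($username);

    // A uid of '-3' in the stored result selects the security-question messages;
    // any other value yields the generic invalid-login message.
    if ($_G['myrepeats_ucresult']['uid'] == '-3') {
        $fmsg = (empty($questionid) || $answer == '') ? 'login_question_empty' : 'login_question_invalid';
    } else {
        $fmsg = 'login_invalid';
    }
    showmessage('myrepeats:' . $fmsg, '', array('loginperm' => $_G['myrepeats_loginperm']));
}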
Exemplo n.º 9
 /**
  * Processes an admin control-panel login submitted through $_POST.
  *
  * Does nothing when no admin_email was posted. Otherwise it applies the login
  * throttle, authenticates with userlogin(), and on success for a founder or a
  * member of group 1 or 2 opens an admincp session and redirects. Outcomes that
  * do not redirect are signalled through $this->cpaccess (-4 throttled,
  * -2 authenticated but not privileged) or counted via loginfailed().
  */
 function check_user_login()
 {
     global $_G;

     $submittedEmail = isset($_POST['admin_email']) ? trim($_POST['admin_email']) : '';
     if ($submittedEmail == '') {
         return;
     }

     // Throttle check. Note that the raw (untrimmed) POST value is what gets
     // passed to logincheck(), userlogin() and loginfailed() below.
     if (!logincheck($_POST['admin_email'])) {
         $this->cpaccess = -4;
         return;
     }

     $secQuestionMissing = empty($_POST['admin_questionid']) || empty($_POST['admin_answer']);
     if ($secQuestionMissing && ($_G['config']['admincp']['forcesecques'] || $_G['group']['forcesecques'])) {
         // NOTE(review): execution continues to userlogin() after this call unless
         // do_user_login() terminates the request — confirm it does, otherwise the
         // forced security question is not actually enforced here.
         $this->do_user_login();
     }

     $result = userlogin($_POST['admin_email'], $_POST['admin_password'], $_POST['admin_questionid'], $_POST['admin_answer'], 'auto', $this->core->var['clientip']);
     if ($result['status'] != 1) {
         loginfailed($_POST['admin_email']);
         return;
     }

     $member = $result['member'];
     // Valid credentials alone are not enough: only founders and groups 1 and 2
     // are let into the control panel.
     $mayEnterPanel = $this->checkfounder($member) || in_array($member['groupid'], array(1, 2));
     if (!$mayEnterPanel) {
         $this->cpaccess = -2;
         return;
     }

     C::t('admincp_session')->insert(array('uid' => $member['uid'], 'adminid' => $member['adminid'], 'panel' => $member['groupid'], 'dateline' => TIMESTAMP, 'ip' => $this->core->var['clientip'], 'errorcount' => -1), false, true);
     setloginstatus($member, 0);
     dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
 }
Exemplo n.º 10
 /**
  * User login operation.
  *
  * Copies the supplied credentials into $_GET, runs the throttle and password
  * format checks, authenticates through userlogin(), optionally auto-activates
  * an inactive account, and on success hands the member record to
  * self::updateCookie(). Failed attempts are written to 'illegallog' and
  * counted with loginfailed().
  *
  * @author HanPengyu
  * @param string $username User name.
  * @param string $password User password.
  * @return mixed The value of self::errorInfo(): called with ('', 0) on success
  *               and with a message on every failure path.
  */
 public static function login($username, $password)
 {
     global $_G;
     // The arguments are pushed into the $_GET superglobal; the rest of the
     // method reads them back from there.
     $_GET['username'] = $username;
     $_GET['password'] = $password;
     $_GET['questionid'] = $_GET['answer'] = '';
     $_GET['loginfield'] = 'username';
     require_once libfile('function/member');
     require_once libfile('class/member');
     require_once libfile('function/misc');
     require_once libfile('function/mail');
     loaducenter();
     $invite = getinvite();
     // Reset any identity already held in $_G before authenticating.
     $_G['uid'] = $_G['member']['uid'] = 0;
     $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
     if (trim($_GET['username']) == '') {
         return self::errorInfo('user_name_null');
     }
     if (!($_G['member_loginperm'] = logincheck($_GET['username']))) {
         // Too many wrong-password attempts, please log in again after 15 minutes; this is checked again further below
         return self::errorInfo(lang('message', 'login_strike'));
     }
     // Rejects an empty password and any password that addslashes() would
     // change, i.e. one containing a quote, backslash or NUL byte.
     if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
         // Sorry, the password is empty or contains illegal characters
         return self::errorInfo(lang('message', 'profile_passwd_illegal'));
     }
     $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], 'username', $_G['clientip']);
     // NOTE(review): a result uid of '-3' is rewritten into a successful login
     // (status forced to 1, member loaded by user name). Presumably '-3' is how
     // the UCenter result reports a failed security-question check — TODO
     // confirm. If so, accounts protected by a security question are logged in
     // here on the password alone, because questionid/answer are always sent
     // empty above.
     if ($result['ucresult']['uid'] == '-3') {
         $userInfo = DzCommonMember::getUidByUsername($result['ucresult']['username']);
         $result['ucresult']['uid'] = $userInfo['uid'];
         $result['member'] = $userInfo;
         $result['status'] = 1;
     }
     $uid = $_G['uid'] = $result['ucresult']['uid'];
     // $userName and $userAvatar are not read again in this method; they may be
     // meant for the file included further down, which shares this scope.
     $userName = $result['ucresult']['username'];
     $userAvatar = UserUtils::getUserAvatar($uid);
     $ctlObj = new logging_ctl();
     $ctlObj->setting = $_G['setting'];
     if ($result['status'] == -1) {
         if (!$ctlObj->setting['fastactivation']) {
             // Account has not been activated
             return self::errorInfo(Yii::t('mobcent', 'location_activation'));
         } else {
             // Automatic activation
             $init_arr = explode(',', $ctlObj->setting['initcredits']);
             // Group 8 when registration verification is on, otherwise the
             // configured new-user group.
             $groupid = $ctlObj->setting['regverify'] ? 8 : $ctlObj->setting['newusergroupid'];
             // The local member row gets md5(random(10)) as its password value.
             // NOTE(review): presumably a placeholder because the real password
             // is verified by UCenter — confirm, and confirm how random() is seeded.
             C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
             $result['member'] = getuserbyuid($uid);
             $result['status'] = 1;
         }
     }
     if ($result['status'] > 0) {
         // [?] Extra file
         // The included file executes inside this method's scope, so it can read
         // and overwrite every local here, $result included.
         if ($ctlObj->extrafile && file_exists($ctlObj->extrafile)) {
             require_once $ctlObj->extrafile;
         }
         // [Wrapper] Writes the login information into the cookie and updates the login status, etc. Author:HanPengyu,Data:04.09.28
         self::updateCookie($result['member'], $_G['uid']);
         return self::errorInfo('', 0);
     } else {
         // Keeps the first round(len/4) and last round(len/6) characters of the
         // rejected password and replaces the middle with '***'.
         // NOTE(review): that fragment is written to 'illegallog'. Rejected
         // passwords are often near-misses of the real one, so this stores
         // partial credentials in a log; a fixed placeholder would avoid it.
         $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
         // Log line: timestamp, account name, masked password, question id, client IP (tab-separated).
         $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
         writelog('illegallog', $errorlog);
         loginfailed($_GET['username']);
         if ($_G['member_loginperm'] > 1) {
             // Login failed; some attempts remain
             return self::errorInfo(lang('message', 'login_invalid', array('loginperm' => $_G['member_loginperm'] - 1)));
         } elseif ($_G['member_loginperm'] == -1) {
             // Sorry, the password you entered is incorrect
             return self::errorInfo(lang('message', 'login_password_invalid'));
         } else {
             // Too many wrong-password attempts, please log in again after 15 minutes
             return self::errorInfo(lang('message', 'login_strike'));
         }
     }
 }
Exemplo n.º 11
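 /**
  * JSON login endpoint: authenticates posted credentials and issues an API token.
  *
  * The account name is read from $_POST['uname'] and the password from
  * $_POST['password'] (both may be overridden by a decoded $_POST['auth']
  * value for e-mail/password). On success the login status is set, a fresh
  * token is stored in the user_token table and returned with the profile
  * fields through json_success(). On failure the attempt is written to
  * 'illegallog', counted with loginfailed() and answered with json_error().
  *
  * Security-relevant points:
  *  - The throttle (logincheck/loginfailed) is keyed on the same identifier
  *    that is authenticated, so a second request parameter cannot be used to
  *    steer the failure counter away from the targeted account.
  *  - The token comes from a CSPRNG instead of md5(uid . time()).
  *  - No part of a rejected password is written to the log.
  *
  * NOTE(review): several branches rely on json_error()/json_success() ending
  * the request; confirm they do, since execution otherwise falls through.
  */
 function api_login()
 {
     global $_G, $_POST;
     if ($_POST) {
         if (!empty($_POST['auth'])) {
             list($_POST['email'], $_POST['password']) = daddslashes(explode("\t", authcode($_POST['auth'], 'DECODE')));
         }
         // Resolve the identifier first so throttling and authentication agree on it.
         $username = $_POST['uname'];
         if (!($_G['member_loginperm'] = logincheck($username))) {
             json_error(lang('message', 'login_strike'));
         }
         // Reset any identity already held in $_G before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         // Rejects an empty password and any password addslashes() would change.
         if (!$_POST['password'] || $_POST['password'] != addslashes($_POST['password'])) {
             json_error(lang('message', 'profile_passwd_illegal'));
         }
         $result = userlogin($username, $_POST['password'], $_POST['questionid'], $_POST['answer'], 'auto', $_G['clientip']);
         $uid = $result['ucresult']['uid'];
         if ($result['status'] == -1) {
             // Should not happen.
             if (!$this->setting['fastactivation']) {
                 json_error(lang('message', 'location_activation'));
             } else {
                 $init_arr = explode(',', $this->setting['initcredits']);
                 $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
                 C::t('user')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                 $result['member'] = getuserbyuid($uid);
                 $result['status'] = 1;
             }
         } elseif ($result['status'] == -2) {
             json_error('此用户已停用,请联系管理员');
         } elseif ($_G['setting']['bbclosed'] > 0 && $result['member']['adminid'] != 1) {
             json_error('站点关闭中,请联系管理员');
         }
         if ($result['status'] > 0) {
             // The token is a bearer credential, so it must not be derivable from
             // the user id and the login time. 16 random bytes hex-encoded give the
             // same 32-character shape the md5() value had.
             $token = function_exists('random_bytes')
                 ? bin2hex(random_bytes(16))
                 : bin2hex(openssl_random_pseudo_bytes(16));
             // The included file runs in this method's scope ($token, $result,
             // $uid and $username are visible to it).
             if ($this->extrafile && file_exists($this->extrafile)) {
                 require_once $this->extrafile;
             }
             setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
             if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                 dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
             }
             C::t('user_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
             // One token row per user: update it when present, insert otherwise.
             // NOTE(review): the token is stored as issued; storing only a hash of
             // it would limit the damage if the table is disclosed.
             $tokenExit = DB::result_first('SELECT token FROM %t WHERE uid=%s', array('user_token', $_G['uid']));
             $time = time();
             if ($tokenExit) {
                 DB::query('update %t set token=%s,created_at=%s where uid=%s', array('user_token', $token, $time, $_G['uid']));
             } else {
                 DB::query('insert into %t values(%s,%s,%s)', array('user_token', $_G['uid'], $token, $time));
             }
             $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
             // Value is not used below; the call is kept in case dreferer() has
             // side effects — TODO confirm and drop if it has none.
             $location = $_G['groupid'] == 8 ? 'index.php?open=password' : dreferer();
             $data = array('username' => $result['ucresult']['username'], 'uid' => $_G['member']['uid'], 'token' => $token, 'avatar' => $_G['config']['common']['home_url'] . '/' . avatar($_G['member']['uid'], 'middle', true), 'email' => $result['ucresult']['email']);
             // The generic "location" message is used only for a plain, non-mobile
             // request without handlekey and lssubmit; every other case uses
             // $loginmessage.
             $useLocationMessage = empty($_GET['handlekey']) && empty($_GET['lssubmit']) && !defined('IN_MOBILE');
             json_success(lang($useLocationMessage ? 'location_login_succeed' : $loginmessage), $data);
         } else {
             // Fixed placeholder: no fragment of the rejected password is logged.
             $password = '***';
             $answer = isset($_POST['answer']) ? $_POST['answer'] : '';
             $loggedName = $result['ucresult']['email'] ? $result['ucresult']['email'] : $username;
             // Fields are tab-delimited: stop a submitted name from adding columns or lines.
             $loggedName = str_replace(array("\t", "\r", "\n"), ' ', (string) $loggedName);
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . $loggedName . "\t" . $password . "\t" . "Ques #" . intval($_POST['questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             loginfailed($username);
             // A result uid of '-3' selects the security-question messages.
             if ($result['ucresult']['uid'] == '-3') {
                 $fmsg = (empty($_POST['questionid']) || $answer == '') ? 'login_question_empty' : 'login_question_invalid';
             } else {
                 $fmsg = 'login_invalid';
             }
             if ($_G['member_loginperm'] > 1) {
                 json_error(lang($fmsg));
             } elseif ($_G['member_loginperm'] == -1) {
                 json_error(lang('login_password_invalid'));
             } else {
                 json_error(lang('login_strike'));
             }
         }
     } else {
         json_error('异常登录');
     }
 }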
Exemplo n.º 12
    // Look up the account by e-mail and password.
    // NOTE(review): $email is interpolated directly into the SQL text. Where it is
    // assigned lies outside this excerpt, so whether it was escaped cannot be seen
    // from here; unless it was, this query is open to SQL injection. Binding it
    // through a prepared statement (PDO or mysqli) removes the question.
    // NOTE(review): the literal '******' in the password comparison looks like
    // masking applied by the page hosting this listing, not original code. If the
    // original compares the submitted password inside SQL, prefer selecting the row
    // by e-mail and checking a stored hash with password_verify().
    // The mysql_* functions used here were removed in PHP 7.0.
    $query = "SELECT * FROM login WHERE email='{$email}' AND password='******'";
    $result = mysql_query($query);
    //Check whether login was successful or not
    if ($result) {
        // Exactly one matching row counts as a successful login.
        if (mysql_num_rows($result) == 1) {
            //Login Successful
            // NOTE(review): the session id is not regenerated at login; calling
            // session_regenerate_id(true) after session_start() prevents a session
            // id fixed before authentication from being reused afterwards.
            session_start();
            //Start Session
            $user = mysql_fetch_assoc($result);
            $_SESSION['userid'] = $user['userid'];
            session_write_close();
            header("location: home.php");
            exit;
        } else {
            //Login failed
            // No attempt limiting is visible in this excerpt; whether loginfailed()
            // provides any cannot be told from here.
            loginfailed();
            //		header("location: error.php");
            exit;
        }
    } else {
        // Generic message only: no database error detail is sent to the client.
        die("Query failed");
    }
} else {
    include "header.php";
    //Universal Start of Page
    // The login form posts back to login.php. The markup contains a stray "<"
    // before the closing </tr> and a </font> without an opening tag.
    echo "<center><br/><br/><br/><br/><h2>Login Here</h2><form METHOD=\"POST\" action=\"login.php\" id=\"loginbox\" name=\"loginbox\" onsubmit=\"return validatelogin()\">\n<table>\n  <tbody>\n  <tr>\n      <td>Email: </td><td><input type=\"text\" name=\"email\" /></td></tr><tr><td>Password: </td><td><input type=\"password\" name=\"password\" /></td><\n </tr>\n </tbody>\n </table><input type=\"submit\" value=\"Login\" /></form></font></center>";
    //The Login Form
    include 'footer.php';
    //Universal site footer
}
Exemplo n.º 13
 /**
  * Login action: shows the login form or processes a submitted one.
  *
  * An already logged-in visitor gets the success message at once. Without a
  * valid 'loginsubmit' the login template is rendered. Otherwise the throttle
  * is checked, userlogin() authenticates, and the outcome is one of: success
  * (status > 0), activation required (status == -1), or failure, which is
  * logged to 'illegallog' and counted with loginfailed().
  *
  * The template includes below execute in this method's scope, so the local
  * variables assigned here are what the templates see; renaming them would
  * change what is rendered.
  */
 function on_login()
 {
     global $_G;
     // Already authenticated: report success and redirect to the referer.
     if ($_G['uid']) {
         $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
         $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid']);
         showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
     }
     // Bit value 2 of seccodestatus decides whether submitcheck() is asked to verify a security code.
     $seccodecheck = $_G['setting']['seccodestatus'] & 2;
     $invite = getinvite();
     if (!submitcheck('loginsubmit', 1, $seccodecheck)) {
         $_G['referer'] = dreferer();
         // Also assigns $cookietimecheck inside the expression; its value
         // ('checked="checked"' or '') is appended to $thetimenow as well.
         $thetimenow = '(GMT ' . ($_G['setting']['timeoffset'] > 0 ? '+' : '') . $_G['setting']['timeoffset'] . ') ' . dgmdate(TIMESTAMP, 'u') . ($cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '');
         if ($seccodecheck) {
             // NOTE(review): $seccode[0] is read before $seccode is assigned
             // anywhere in this method.
             $seccode = random(6, 1) + $seccode[0] * 1000000;
         }
         // Cookie value is HTML-escaped before it reaches the template.
         $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
         $navtitle = lang('core', 'title_login');
         include template('member/login');
     } else {
         if (!($_G['member_loginperm'] = logincheck())) {
             showmessage('login_strike');
         }
         if ($_G['gp_fastloginfield']) {
             $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
         }
         // Reset any identity already held in $_G before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $_G['setting']['autoidselect'] ? 'auto' : $_G['gp_loginfield']);
         if ($result['status'] > 0) {
             // Cookie lifetime: 2592000 seconds (30 days) when "remember me" was
             // requested, otherwise 0.
             setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
             // NOTE(review): this statement is assembled by string concatenation
             // from $_G['clientip'] and $_G['uid']. It is safe only if both are
             // validated before they reach this point — confirm, or pass them
             // through the DB layer's escaping/update helper.
             DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
             $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
             include_once libfile('function/stat');
             updatestat('login', 1);
             updatecreditbyaction('daylogin', $_G['uid']);
             checkusergroup($_G['uid']);
             if ($invite['id']) {
                 // NOTE(review): $uid is not assigned in this method, and $username
                 // is assigned only in the form-display branch above, so both look
                 // unset here and the invite row would be updated with empty values.
                 DB::update("common_invite", array('fuid' => $uid, 'fusername' => $username), array('id' => $invite['id']));
                 updatestat('invite');
             }
             if ($invite['uid']) {
                 require_once libfile('function/friend');
                 friend_make($invite['uid'], $invite['username'], false);
                 dsetcookie('invite_auth', '');
                 if ($invite['appid']) {
                     updatestat('appinvite');
                 }
             }
             if (!empty($_G['inajax']) && empty($_G['gp_quickforward'])) {
                 // NOTE(review): unserialize() on a settings value; fine only as long
                 // as that setting can never hold attacker-influenced data — confirm
                 // where msgforward is written.
                 $_G['setting']['msgforward'] = unserialize($_G['setting']['msgforward']);
                 $mrefreshtime = intval($_G['setting']['msgforward']['refreshtime']) * 1000;
                 loadcache('usergroups');
                 $usergroups = addslashes($_G['cache']['usergroups'][$_G['groupid']]['grouptitle']);
                 $message = 1;
                 include template('member/login');
             } else {
                 $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid'], 'syn' => $ucsynlogin ? 1 : 0);
                 // Group 8 gets the "inactive member" variant of the success message.
                 if ($_G['groupid'] == 8) {
                     showmessage('login_succeed_inactive_member', 'home.php?mod=space&do=home', $param, array('extrajs' => $ucsynlogin));
                 } else {
                     showmessage('login_succeed', $invite ? 'home.php?mod=space&do=home' : dreferer(), $param, array('extrajs' => $ucsynlogin));
                 }
             }
         } elseif ($result['status'] == -1) {
             // Activation required: build an encoded auth value from the user name
             // and FORMHASH and send the visitor to the activation page.
             $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
             $location = 'member.php?mod=' . $_G['setting']['regname'] . '&action=activation&auth=' . rawurlencode($auth);
             if ($_G['inajax'] && empty($_G['gp_quickforward'])) {
                 $message = 2;
                 include template('member/login');
             } else {
                 showmessage('login_activation', $location);
             }
         } else {
             // Keeps the first round(len/4) and last round(len/6) characters of the
             // rejected password and replaces the middle with '***'.
             // NOTE(review): that fragment is written to 'illegallog'. Rejected
             // passwords are often near-misses of the real one, so this stores
             // partial credentials in a log; a fixed placeholder would avoid it.
             $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
             // Log line: timestamp, account name, masked password, question id, client IP (tab-separated).
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             // NOTE(review): loginfailed() receives the value logincheck() returned,
             // not a user name — confirm that matches this code base's signature.
             loginfailed($_G['member_loginperm']);
             // NOTE(review): $answer is not assigned in this method, so the
             // comparison with '' presumably always holds and 'login_question_invalid'
             // is never selected.
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
         }
     }
 }
Exemplo n.º 14
 /**
  * Validates the posted e-mail/password pair and logs the member in.
  *
  * Runs $this->rules() first, then the login throttle, then userlogin() with
  * the 'email' login field. A failed attempt is written to 'illegallog' and
  * counted through loginfailed() and failedip().
  *
  * @return mixed true on success; otherwise the non-true value of rules(), or
  *               an array whose 'password' entry holds the error message.
  */
 public function login()
 {
     global $_G;
     $validate_error = array();

     // Input validation
     $ruleOutcome = $this->rules();
     if ($ruleOutcome !== true) {
         return $ruleOutcome;
     }

     require_once libfile('function/member');
     $email = $_POST['email'];
     $plainPassword = $_POST['password'];
     // Read here but not used again: the cookie lifetime further down is taken
     // from $_GET['rememberme'], not from this POST value.
     $rememberFlag = $_POST['rememberme'];

     // Throttle check keyed on the submitted e-mail address.
     $_G['member_loginperm'] = logincheck($email);
     if (!$_G['member_loginperm']) {
         $validate_error['password'] = '******';
         return $validate_error;
     }

     $result = userlogin($email, $plainPassword, 0, 0, 'email', $_G['clientip']);
     if ($result['status'] <= 0) {
         // Keeps the first quarter and last sixth of the rejected password and
         // replaces the middle with '***'.
         // NOTE(review): the fragment ends up in 'illegallog'; rejected passwords
         // are often near-misses of the real one, so a fixed placeholder is safer.
         $headLen = round(strlen($plainPassword) / 4);
         $tailLen = round(strlen($plainPassword) / 6);
         $password = preg_replace("/^(.{" . $headLen . "})(.+?)(.{" . $tailLen . "})\$/s", "\\1***\\3", $plainPassword);

         $loggedName = $result['ucresult']['username'] ? $result['ucresult']['username'] : $email;
         $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . $loggedName . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
         writelog('illegallog', $errorlog);
         loginfailed($email);
         failedip();

         // The message depends on the value logincheck() returned: above 1 the
         // count minus one is appended, -1 and everything else get their own text.
         if ($_G['member_loginperm'] > 1) {
             $loginperm = $_G['member_loginperm'] - 1;
             $validate_error['password'] = '******' . $loginperm . ' 次';
         } elseif ($_G['member_loginperm'] == -1) {
             $validate_error['password'] = '******';
         } else {
             $validate_error['password'] = '******';
         }
         return $validate_error;
     }

     // Whether to remember the login (automatic login): 2592000 seconds
     // (30 days) when requested, otherwise 0.
     setloginstatus($result['member'], $_GET['rememberme'] ? 2592000 : 0);
     if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
         dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
     }
     C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
     // Whether to perform the UCenter synchronised login; the returned value is
     // not used after this line.
     $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
     return true;
 }